I am trying to create htaccess rules at the root of a client site to block traffic from a specific subfolder where wordpress is installed.
Here is my structure
site.com
|--blog
|--.htaccess
|--wp-files
.htaccess
site-root-files
My root htaccess file look like this:
RewriteEngine On
# Define the list of exception folders
RewriteCond %{REQUEST_URI} ^/blog/([^/]+)/
RewriteCond %{REQUEST_URI} !^/blog/(wp-admin|wp-json)/
# List of exception files
RewriteCond %{REQUEST_URI} ^/blog/wp-login.php$ [NC]
RewriteCond %{REQUEST_URI} !^/blog/wp-login.php$
# Redirect all other requests under /blog/
RewriteCond %{REQUEST_URI} ^/blog/
RewriteRule ^/blog/ / [L]
Redirect 301 /tmp /
ErrorDocument 404 /error/404.html
Nothing seems to work except the last two lines the tmp redirect and the 404 page.
WordPress is installed in the blog folder.
Then it dawned on my that WordPress might have its own htaccess file. It does and it looks like this:
# BEGIN WordPress
# Direktiverne (linjer) mellem 'BEGIN WordPress' og 'END WordPress' er
# dynamisk genereret og bør kun ændres via WordPress-filtre.
# Eventuelle ændringer i direktiverne mellem disse markører vil blive overskrevet.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /blog/
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /blog/index.php [L]
</IfModule>
# END WordPress
What have I tried?
Commenting out all of the rules in the blog/.htaccess file
Inverting the functions in the site root .htaccess file.
Nothing seems to work.
My regex knowledge is pretty basic but I can wrap my head around this. !^/blog/(wp-admin|wp-json)/ looks like not/don’t write rewrite rules for blog/wp-admin, or blog/wp-json etc
TL;DR
Block access to
site.com/blog
With these exceptions (allow access to)
site.com/blog/wp-adminsite.com/blog/wp-jsonsite.com/blog/wp-login.php
Can anyone help me?